LISTING OF THE CLAIMS

This listing of claims will replace all prior versions, and listings, of claims in the present
application. Additions to existing claims are identified by underlining. Deletions to existing
claims are indicated by strikethrough or [[double brackets]].

1. (Currently Amended) A network security apparatus for securing packet header information 
of a data packet, comprising: 

a key exchanger adapted to derive a cipher key; 

a translator adapted to translate predetermined portions of said packet header information
according to a cipher algorithm keyed by the cipher key into translated packet header
information, and replace said predetermined portions of said packet header information with the
translated packet header information in the data packet; and

a communication device adapted to communicate the data packet between a first enclave 
and a second enclave through a wide area network; 

wherein said predetermined portions of said packet header information include a
destination host address portion that identifies a destination host within the second enclave, a
destination port number and a sequence parameter that changes on a per-packet basis, and
wherein said predetermined portions of said packet header information do not include an address
portion associated with either the first enclave or the second enclave.

2. (Currently Amended) A network security apparatus as set forth in Claim 1, wherein the
predetermined portions of packet header information further comprise:

a source host address portion identity information that identifies a sending host within the
first enclave and a receiving host within the second enclave.

3. (Original) A network security apparatus as set forth in Claim 1, wherein said translator is
adapted to queue the data packet until said key exchanger has derived the cipher key.

4. (Original) A network security apparatus as set forth in Claim 1, wherein said key exchanger
further comprises: 

a timer adapted to reset at a predetermined time interval, wherein said key exchanger 
derives the cipher key when said timer resets and the data packet is present at said translator. 

5. (Original) A network security apparatus as set forth in Claim 1, wherein the wide area
network is the Internet.

6. (Currently Amended) A network security apparatus for securing packet header information 
of a data packet, comprising: 

a random number generator adapted to generate a random number; 

a translator adapted to translate predetermined portions of said packet header information 
according to a cipher algorithm seeded by the random number into translated packet header
information, and replace said predetermined portions of said packet header information with the
translated packet header information in the data packet; and

a communication device adapted to communicate the data packet between a first enclave
and a second enclave through a wide area network; 

wherein said predetermined portions of said packet header information include a
destination host address portion that identifies a destination host within the second enclave, a
destination port number and a sequence parameter that changes on a per-packet basis, and
wherein said predetermined portions of said packet header information do not include an address
portion associated with either the first enclave or the second enclave.

7. (Currently Amended) A network security apparatus as set forth in Claim 6, wherein the 
predetermined portions of packet header information further comprise: 

a source host address portion identity information that identifies a sending host.

8. (Original) A network security apparatus as set forth in Claim 6, further comprising:

a timer adapted to reset at a predetermined time interval, wherein said random number
generator derives the random number when said timer resets and the data packet is received by 
said translator. 

9. (Original) A network security apparatus as set forth in Claim 6, wherein the wide area 
network is the Internet. 

10. (Currently Amended) A network security system for securing packet header information of 
a data packet communicated between a first enclave and a second enclave through a wide area 
network, the system comprising: 

a first communication device in communication with the first enclave and the wide area 
network, said first communication device adapted to receive the data packet, translate 
predetermined portions of said packet header information into translated packet header 
information and replace said predetermined portions of said packet header information with the
translated packet header information in the data packet, and place the data packet on the wide 
area network; and 

a second communication device in communication with the second enclave and the wide 
area network, said second communication device adapted to receive and restore the 
predetermined portions of the data packet from the translated packet header information and
place the data packet onto the second enclave; 

wherein said predetermined portions of said packet header information include a
destination host address portion that identifies a destination host within the second enclave, a
destination port number and a sequence parameter that changes on a per-packet basis, and
wherein said predetermined portions of said packet header information do not include an address
portion associated with either the first enclave or the second enclave.

11. (Currently Amended) A network security system as set forth in Claim 10, wherein the 
predetermined portions of packet header information further comprise:

a source host address portion identity information that identifies a sending host within the
first enclave and a receiving host within the second enclave.

12. (Original) A network security system as set forth in Claim 10, further comprising:

a key exchanger coupled to said first and second communication devices, adapted to
derive a cipher key, and

a timer electrically coupled to said key exchanger, adapted to reset at a predetermined
time interval.

13. (Original) A network security system as set forth in Claim 12, 

wherein said key exchanger derives the cipher key when said timer resets and the first 
communication device receives the data packet, and 

wherein said first and second communication devices translate the predetermined 
portions of packet header information according to a cipher algorithm keyed by the cipher key. 

14. (Original) A network security system as set forth in Claim 12, wherein said first and second
communication devices are adapted to queue the data packet until the key exchanger has derived 
the cipher key. 

15. (Original) A network security system as set forth in Claim 10, wherein the wide area 
network is the Internet.

16. (Currently Amended) A method for securing packet header information of a data packet,
comprising:

deriving a cipher key; 

translating predetermined portions of said packet header information according to a 
cipher algorithm keyed by the cipher key into translated packet header information;

replacing said predetermined portions of said packet header information with the
translated packet header information in the data packet; and 

communicating the data packet between a first enclave and a second enclave through a 
wide area network;

wherein said predetermined portions of said packet header information include a
destination host address portion that identifies a destination host within the second enclave, a
destination port number and a sequence parameter that changes on a per-packet basis, and
wherein said predetermined portions of said packet header information do not include an address
portion associated with either the first enclave or the second enclave.

17. (Currently Amended) A method for securing packet header information as set forth in
Claim 16, wherein the predetermined portions of packet header information further comprise:

a source host address portion identity information that identifies a sending host within the
first enclave and a receiving host within the second enclave.

18. (Original) A method for securing packet header information as set forth in Claim 16 further 
comprising: 

queuing the data packet until the cipher key has been derived. 

19. (Original) A method for securing packet header information as set forth in Claim 16 further
comprising: 

deriving the cipher key at a predetermined time interval if the data packet to be 
communicated has been presented to said translating step. 

20. (Original) A method for securing packet header information as set forth in Claim 16 
wherein the wide area network is the Internet.

21. (Currently Amended) A method for securing packet header information of a data packet,
comprising:

generating a random number; 

translating predetermined portions of said packet header information according to a 
cipher algorithm seeded by the random number into translated packet header information;

replacing said predetermined portions of said packet header information with the
translated packet header information in the data packet; and

communicating the data packet between a first enclave and a second enclave through a
wide area network;

wherein said predetermined portions of said packet header information include a
destination host address portion that identifies a destination host within the second enclave, a
destination port number and a sequence parameter that changes on a per-packet basis, and
wherein said predetermined portions of said packet header information do not include an address
portion associated with either the first enclave or the second enclave.

22. (Currently Amended) A method for securing packet header information as set forth in
Claim 21, wherein the predetermined portions of packet header further comprises:

a source host address portion identity information that identifies a sending host.

23. (Original) A method for securing packet header information as set forth in Claim 21, further
comprising:

deriving the random number at predetermined time interval if the data packet to be
communicated has been presented to said translating step.

24. (Original) A method for securing packet header information as set forth in Claim 21, 
wherein the wide area network is the Internet. 

25. (Currently Amended) A method for securing packet header information of a data packet,
comprising: 

receiving the data packet at a first communication device; 

translating predetermined portions of packet header information into translated packet
header information;

replacing said predetermined portions of said packet header information with the
translated packet header information in the data packet;

sending the data packet to a second enclave through a wide area network;
receiving the data packet at a second communication device on the second enclave;

restoring translating the predetermined portions of the data packet from the translated
packet header information at the second communication device; and
placing the data packet onto the second enclave;

wherein said predetermined portions of said packet header information include a
destination host address portion that identifies a destination host within the second enclave, a
destination port number and a sequence parameter that changes on a per-packet basis, and
wherein said predetermined portions of said packet header information do not include an address
portion associated with either the first enclave or the second enclave.

26. (Currently Amended) A method for securing packet header information as set forth in
Claim 25, wherein the predetermined portions of packet header information further comprise:

a source host address portion identity information that identifies a sending host within the
first enclave and a receiving host within the second enclave.

27. (Original) A method for securing packet header information as set forth in Claim 25, further
comprising: 

deriving a cipher key at a predetermined time interval if the data packet is presented to 
the first communication device; and 

translating the predetermined portions of packet header information for the data packet 
according to a cipher algorithm seeded by the cipher key. 

28. (Original) A method for securing packet header information as set forth in Claim 27, further
comprising: 

queuing the data packet until the cipher key has been derived. 

29. (Original) A method for securing packet header information as set forth in Claim 25, 
wherein the wide area network is the Internet. 

30. (Currently Amended) A communication device adapted for processing packet header
information of a data packet, the communication device being operable to:

derive a cipher key;

translate predetermined portions of said packet header information according to a cipher
algorithm keyed by the cipher key into translated packet header information;

replace said predetermined portions of said packet header information with the translated
packet header information in the data packet; and

communicate the data packet between a first enclave and a second enclave through a
wide area network;

wherein said predetermined portions of said packet header information include a
destination host address portion that identifies a destination host within the second enclave, a
destination port number and a sequence parameter that changes on a per-packet basis, and
wherein said predetermined portions of said packet header information do not include an address
portion associated with either the first enclave or the second enclave.

31. (Currently Amended) A communication device as set forth in Claim 30, wherein the 
predetermined portions of packet header information further comprise:

a source host address portion identity information that identifies a sending host within the
first enclave and a receiving host within the second enclave.

32. (Original) A communication device as set forth in Claim 30, the communication device 
being further operable to queue the data packet until the cipher key has been derived. 

33. (Original) A communication device as set forth in Claim 30, the communication device
being further operable to derive the cipher key at a predetermined time interval if the data packet 
to be communicated has been generated. 

34. (Original) A communication device as set forth in Claim 30, wherein the wide area network 
is the Internet. 

35. (Currently Amended) A communication device adapted for processing packet header 
information of a data packet, the communication device being operable to:

generate a random number;

translate predetermined portions of said packet header information according to a cipher
algorithm seeded by the random number into translated packet header information;

replace said predetermined portions of said packet header information with the translated
packet header information in the data packet; and

communicate the data packet between a first enclave and a second enclave through a
wide area network;

wherein said predetermined portions of said packet header information include a
destination host address portion that identifies a destination host within the second enclave, a
destination port number and a sequence parameter that changes on a per-packet basis, and
wherein said predetermined portions of said packet header information do not include an address
portion associated with either the first enclave or the second enclave.

36. (Currently Amended) A communication device as set forth in Claim 35, wherein the 
predetermined portions of packet header further comprises:

a source host address portion identity information that identifies a sending host.

37. (Original) A communication device as set forth in Claim 35, the communication device
further operable to derive the random number at predetermined time interval if the data packet to
be communicated has been presented to the communication device. 

38. (Original) A communication device as set forth in Claim 35, wherein the wide area network 
is the Internet. 

39. (Currently Amended) A device for securing packet header information of a data packet,
comprising:

means for deriving a cipher key;

means for translating predetermined portions of said packet header information according
to a cipher algorithm keyed by the cipher key into translated packet header information;

means for replacing said predetermined portions of said packet header information with
the translated packet header information in the data packet; and

means for communicating the data packet between a first enclave and a second enclave
through a wide area network;

wherein said predetermined portions of said packet header information include a
destination host address portion that identifies a destination host within the second enclave, a
destination port number and a sequence parameter that changes on a per-packet basis, and
wherein said predetermined portions of said packet header information do not include an address
portion associated with either the first enclave or the second enclave.

40. (Currently Amended) A device for securing packet header information as set forth in Claim 
39, wherein the predetermined portions of packet header information further comprise: 

a source host address portion identity information that identifies a sending host within the
first enclave and a receiving host within the second enclave.

41. (Original) A device for securing packet header information as set forth in Claim 39, further 
comprising: 

means for queuing the data packet until the cipher key has been derived. 

42. (Original) A device for securing packet header information as set forth in Claim 39, further
comprising: 

means for deriving the cipher key at a predetermined time interval if the data packet to be 
communicated has been presented to said means for translating. 

43. (Original) A device for securing packet header information as set forth in Claim 39, wherein 
the wide area network is the Internet. 

44. (Currently Amended) A device for securing packet header information of a data packet, 
comprising: 

means for generating a random number;

means for translating predetermined portions of said packet header information according
to a cipher algorithm seeded by the random number into translated packet header information;

means for replacing said predetermined portions of said packet header information with
the translated packet header information in the data packet; and

means for communicating the data packet between a first enclave and a second enclave
through a wide area network;

wherein said predetermined portions of said packet header information include a
destination host address portion that identifies a destination host within the second enclave, a
destination port number and a sequence parameter that changes on a per-packet basis, and
wherein said predetermined portions of said packet header information do not include an address
portion associated with either the first enclave or the second enclave.

45. (Currently Amended) A device for securing packet header information as set forth in Claim 
44, wherein the predetermined portions of packet header further comprises:

a source host address portion identity information that identifies a sending host. 

46. (Original) A device for securing packet header information as set forth in Claim 44, further 
comprising: 

means for deriving the random number at predetermined time interval if the data packet 
to be communicated has been presented to the means for translating. 

47. (Original) A device for securing packet header information as set forth in Claim 44, wherein
the wide area network is the Internet.

48. (Currently Amended) A device for securing packet header information of a data packet,
comprising:

means for receiving the data packet at a first communication device;
means for translating predetermined portions of packet header information into translated
packet header information;

means for replacing said predetermined portions of said packet header information with
the translated packet header information in the data packet;

means for sending the data packet to a second enclave through a wide area network; 

means for receiving the data packet at a second communication device on the second 
enclave; 

means for translating the predetermined portions of the data packet at the second 
communication device; and 

means for placing the data packet onto the second enclave; 

wherein said predetermined portions of said packet header information include a
destination host address portion that identifies a destination host within the second enclave, a
destination port number and a sequence parameter that changes on a per-packet basis, and
wherein said predetermined portions of said packet header information do not include an address
portion associated with either the first enclave or the second enclave.

49. (Currently Amended) A device for securing packet header information as set forth in Claim 
48, wherein the predetermined portions of packet header information further comprise: 

a source host address portion identity information that identifies a sending host within the 
first enclave and a receiving host within the second enclave.

50. (Original) A device for securing packet header information as set forth in Claim 48, further 
comprising: 

means for deriving a cipher key at a predetermined time interval if the data packet to be
communicated has been presented to the first communication device; and 

means for translating the predetermined portions of packet header information for the 
data packet according to a cipher algorithm seeded by the cipher key. 

51. (Original) A device for securing packet header information as set forth in Claim 50, further
comprising:

means for queuing the data packet until the cipher key has been derived.

52. (Original) A device for securing packet header information as set forth in Claim 48, wherein
the wide area network is the Internet.